1. Field of the Invention
The present invention relates to an access control method for a resource of a tenant different from an executor in a multitenant service.
2. Description of the Related Art
Conventionally, web applications have mainly been delivered by preparing and providing a dedicated server for each enterprise or organization that receives the service. However, preparing a dedicated server for each delivery destination degrades cost efficiency. Therefore, in recent years, a form called a “multitenant service,” which provides one and the same web application loaded on a shared server to a plurality of enterprises or organizations, has been receiving plenty of attention. Here, a “tenant” means a unit of enterprise or organization to which services would conventionally have been provided with a dedicated server.
Compared with using a dedicated server for each tenant, the multitenant service is superior in terms of cost but has issues in terms of security. In the conventional form, the data which a tenant possesses is managed by the dedicated server for that tenant and is physically separated; as a result, the risk of data leakage is low. In the multitenant service, however, the data of a plurality of tenants is managed by a shared server and is not physically separated; as a result, the risk of data leakage becomes high. Therefore, in the multitenant service, a mechanism for logically separating the data is essential in order to prevent data leakage among tenants.
For example, Japanese Patent Application Laid-Open No. 2010-26653 discusses a method for using a tenant ID as a key for logically separating data. The multitenant service is realized by associating the tenant ID with a user ID, which is an attribute for identifying the user, and similarly assigning the tenant ID to the data which the tenant possesses. More specifically, this is an access control method that identifies the user ID as well as the tenant ID through user authentication and, during data access, authorizes access only to data to which the identical tenant ID has been assigned.
In the multitenant service, security of the entire service is guaranteed by logically separating the data for each tenant, and performing control so that data of other tenants cannot be accessed.
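The tenant-ID check described above can be sketched as follows. This is an added example, not code from this document or from the cited application; the names USERS, RECORDS, Principal, authenticate, read_record and list_records, and all sample data, are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass

# Constructed sample directory: each user ID is associated with one tenant ID.
# "secret" is a plaintext stand-in for a real credential check.
USERS = {
    "alice": {"tenant_id": "tenant-a", "secret": "pw-a"},
    "bob": {"tenant_id": "tenant-b", "secret": "pw-b"},
}
# Constructed sample data: every record carries the tenant ID of its owner.
RECORDS = {
    1: {"tenant_id": "tenant-a", "body": "A's invoice"},
    2: {"tenant_id": "tenant-b", "body": "B's invoice"},
    3: {"tenant_id": "tenant-a", "body": "A's contract"},
}

class AccessDenied(Exception):
    pass

@dataclass(frozen=True)
class Principal:
    user_id: str
    tenant_id: str

def authenticate(user_id: str, secret: str) -> Principal:
    """Identify the user ID and the tenant ID together at authentication."""
    entry = USERS.get(user_id)
    if entry is None or not hmac.compare_digest(entry["secret"], secret):
        raise AccessDenied("authentication failed")
    # The tenant ID comes from the directory, never from the request itself.
    return Principal(user_id, entry["tenant_id"])

def read_record(principal: Principal, record_id: int) -> str:
    """Authorize access only when the record's tenant ID is identical."""
    record = RECORDS.get(record_id)
    # Design choice of this example: a missing record and another tenant's
    # record fail identically, so record IDs of other tenants are not revealed.
    if record is None or record["tenant_id"] != principal.tenant_id:
        raise AccessDenied("no such record")
    return record["body"]

def list_records(principal: Principal) -> list:
    """Enumerate only the record IDs inside the caller's own tenant."""
    return sorted(rid for rid, rec in RECORDS.items()
                  if rec["tenant_id"] == principal.tenant_id)
```

Every data path has to apply the same comparison: a listing or search function that omits the tenant filter leaks data even when single-record reads are checked.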
However, in an operation of the multitenant service, there are some special cases in which accesses to the data of other tenants become necessary.